DEVOPSdigest

To keep up with modern banking and credit card demands, software delivery teams need to release software in a continuous, reliable fashion. As Discover began adopting an open, hybrid, fit-for-purpose, multicloud approach, we also faced a new challenge: How could we enable teams to release necessary software updates and features while maintaining a secure, reliable infrastructure that customers can trust?

We used the power of open-source principles within our internal community of developers to create a company-wide CI/CD pipeline that enables teams to deliver high quality software iteratively in a reliable, secure manner.

Securing Deployments Across an Enterprise

As we set out toward modernizing our platforms, teams naturally used containerization and the underlying open-source tools that enabled containerization at scale, including React, SpringBoot, Jenkins and Kubernetes. Application teams quickly began working on their own build and deployment processes, resulting in hundreds of solutions for the same problem.

With reliability and security at the forefront of how Discover delivers software, there was a growing need to standardize the way that software was built and deployed.

The architecture team initially created a grassroots CI/CD pipeline known as Trident and planned to improve it with help from the community of engineers at Discover. Even though the pipeline had the right bones and structure in place, it lacked the broad engineering support for company-wide adoption. The Trident team established an inner source model to not only improve the pipeline but also to increase adoption by the engineers who now felt invested in its success.

Standardization Through Inner Source

Collaboration through an inner source model was the key to improving the Trident pipeline at Discover and increasing adoption.

The key onboarding mechanism for educating the company’s engineers was through an online community called the Discover Technology Academy(link is external). Here, the core Trident team was able to communicate via a centralized hub for training, documentation, and answering engineer’s ongoing questions around how to use and improve Trident.

The core Trident team is comprised of developers and engineers whose job is to build and maintain the Trident pipeline. All Trident contributors, whether from the Core team or from the inner source community, work from respective feature branches which are created off the currently staged version of the pipeline. Once features are tested, approved, and completed, that feature branch is then merged to the staging branch, where the inner-source teams are configured to use for their own deployment activities.

Weekly, features staged at a given point are merged into the main pipeline branch, releasing new functionalities to the development community.

There are also weekly meetings where the core Trident team and the inner source community meet to discuss current and future implementations and the overall direction of the pipeline. This meeting ensures that the Trident team and the application development community of contributors are aligned.

This inner source model borrows heavily from open-source principles to ensure that as various teams make changes and improvements to the code base, there are mechanisms in place to contribute those changes back to the overall project and community, improving the product for everyone at Discover.

A Refreshed Pipeline Ready for Modern Workloads

With Trident, teams can use automated onboarding processes, configure their applications using our well-documented GitOps approach to CI/CD, and take advantage of standardized processes for building, deploying, and releasing software. The core principles of Trident include:

Consistency and standardization

Trident offers separate pipelines for build, code promotions, and releases that are templatized within release environments to ensure consistency. Teams can simply use these templates and adapt them within the parameters to meet their deployment needs. All subsystems in the CI/CD ecosystem adhere to standardized roles and responsibilities so there is consistency across teams and solutions.

Developer choice and simplicity

Consumable pipelines enable teams to use the test suites and scripts that fit their continuous delivery needs. The Trident solution is agnostic – teams can choose the programming language, platform, and development stacks that suit their needs best.

All changes are submitted via pull requests, with orchestrator and deployment complexity abstracted away to create a simple developer experience.

Quality, governance, and compliance assurance

Built-in traceability, logging, and API-driven interactions create evidence across the various stages of the CD pipeline. If any issues arise, they can be easily addressed and fixed. With Trident, the CD pipeline is stopped to address quality issues instead of finding issues and addressing them later.

Trident uses various quality gates to enforce standards and controls relating to quality, governance, and compliance. This quality gate ensures changes are eligible for automated deployment based on an automated review of gathered evidence, and after ensuring the release pipeline is repeatable and low risk.

The question of how to deliver software in a continuous, secure, reliable nature is one that most large companies have top of mind. By adopting an open-source approach to CI/CD, Discover was able to onboard all its developers and engineers to a model that secures deployments and ensures the ongoing success of the Trident pipeline. Not only does using inner source make a program stronger, it gives engineers a stake in the software and the power to apply their knowledge to help the entire company

Visit the Discover Technology site(link is external) to learn more about how Discover engineers are shaping the future of fintech through its people, processes, and technology.